How to deal with protect_from_forgery to make Rails applications communicate?

Question

I have a Rails app that will post some data to another Rails app. For some reasons I don't want to use ActiveResource, so I used something like:

  res = Net::HTTP.post_form(URI.parse('http://localhost:3030/support_requests/new'),
                                    {'from'=>'somebody', 'due'=>'2009-03-31'})

It happens that the other app throws a InvalidAuthenticityToken, It makes sense, since I didn't send any authenticity_token.

My question is, how can I make one app to send proper auth token to another?

Answer 1

You don't have to use ActiveResources. If you send your request as xml then it'll bypass the protect_from_forgery.

curl -H "Content-Type: text/xml" -d "<support-request><from>...</from></support-request>" -X POST http://localhost:3000/support_requests.xml -i

It should be pretty straightforward.